Redirecting responses



  •  I was perusing through some code for a web based project management tool we use (written in PHP) and came across a call to 'ResponseRedirect', naturally I wanted to take a peak what could possibly be contained in it that makes it so special. Needless to say I wasn't impressed.

    function ResponseRedirect($location)
    {
    header('Location: ' . $location);
    }


  •  "I am afeared of change and have a hard time adjusting to PHP so instead of learning, I'm going to force upon the language the methods that I'm already used to."



  • The only thing I see wrong with that is it lacks an exit (); or die (); after header (); as 1: header is acted on by the browser, not the program and 2: if headers are already sent it wont work and will effectively ignore that command which is especially dangerous if you use header for security/login redirects.

    In fact someone using the above function would be able to fix my stated bug in a few seconds, while someone that has hardcoded header (); everywhere will have a much tougher time.



  • @Meep3d said:

    The only thing I see wrong with that is it lacks an exit (); or die (); after header (); as 1: header is acted on by the browser, not the program and 2: if headers are already sent it wont work and will effectively ignore that command which is especially dangerous if you use header for security/login redirects.

    In fact someone using the above function would be able to fix my stated bug in a few seconds, while someone that has hardcoded header (); everywhere will have a much tougher time.

    Agreed.  Personally, I wouldn't use redirects in this way at all because you end up with goto-like spaghetti.  For smaller projects it should be fine, though, except for the missing exit.



  • I've done something like that myself so that if I ever should have time to fix the HTTP header injection vulnerability, that

    header('Location: ' . $location);
    exposes, i can just fix it in this one place.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.